Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
PUP.Optional.Delta.A

PUP.Optional.Delta.A


Log-Analyse und Auswertung: PUP.Optional.Delta.A

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 01.09.2013, 11:26   #3
geomont
 
PUP.Optional.Delta.A - Standard

PUP.Optional.Delta.A


Das hat gut geklappt!
Herzlichen dank!

Hier meine files:

Code:
ATTFilter
# AdwCleaner v3.001 - Report created 01/09/2013 at 12:02:19
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : johannes.gottlieb - TOSH1
# Running from : C:\Users\Johannes.Gottlieb\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BrowserDefendert

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\LyriXeeker
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\LocalLow\delta
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\DSite
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\SpecialSavings
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[!] Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[!] Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[!] Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\firefox@webconnect.co.xpi
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\searchplugins\askcomsearch.xml
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\searchplugins\delta.xml
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\bprotector_prefs.js
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\\invalidprefs.js
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\user.js
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\5b48cdee63fee43
Key Deleted : HKLM\SOFTWARE\5b48cdee63fee43
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=02B74CEDDE2C9948&affID=119357&tt=280813_ctrl1&tsp=4990");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com Search");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "1");
Line Deleted : user_pref("extensions.delta.cntry", "DE");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "5AC0143689A2D0DC378DEA751100BE7B");
Line Deleted : user_pref("extensions.delta.id", "02b7b3220000000000004cedde2c9948");
Line Deleted : user_pref("extensions.delta.instlDay", "15947");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.24.621:49:09");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "azb");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.621:49:09");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=280813_ctrl1&tsp=4990");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "%7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26,ffxtlbr%40delta.com:1.5.0,firefox%40webconnect.co:1.0.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Nuance\\\\NaturallySpeaki[...]
Line Deleted : user_pref("extensions.wajam.affiliate_id", "6447");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"update_interval\":1235,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
Line Deleted : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.myshopping.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';win[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
Line Deleted : user_pref("extensions.wajam.trace_log", "1377939440761 - processInstallationUpgrade - versionActual: 1.26\n1377939440761 - processInstallationUpgrade - isFirstTimeInstallation: false\n1377939440762 - [...]
Line Deleted : user_pref("extensions.wajam.unique_id", "5A786F596ECD51D89E2F48B8BAEA377A");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.26");

[ File : C:\Users\JoGo\AppData\Roaming\Mozilla\Firefox\Profiles\1gopu0hl.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14971 octets] - [01/09/2013 11:28:27]
AdwCleaner[S0].txt - [13831 octets] - [01/09/2013 12:02:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13892 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Ultimate x64
Ran by johannes.gottlieb on 01.09.2013 at 12:08:38,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta ltd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA981843-89BD-4961-9F90-F9E6C948F964}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Lyrics Seeker Update.job
Successfully deleted: [File] "C:\Users\Johannes.Gottlieb\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Folder] "C:\Users\Johannes.Gottlieb\music\qtrax media library"



~~~ FireFox

Emptied folder: C:\Users\Johannes.Gottlieb\AppData\Roaming\mozilla\firefox\profiles\jrujsnqu.default\minidumps [282 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.09.2013 at 12:14:49,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by johannes.gottlieb (administrator) on TOSH1 on 01-09-2013 12:22:48
Running from C:\Users\Johannes.Gottlieb\Desktop\Scannen von Schadsoftware
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Tobit Software) C:\Program Files (x86)\Tobit InfoCenter\David\Apps\Replica\CODE\replica.exe
(Tobit Software) C:\Program Files (x86)\Tobit InfoCenter\David\Code\SL.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Tobit.Software) C:\Windows\SysWOW64\DV4TS.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
() C:\Program Files (x86)\HP Wireless Printer Adapter\ConnectMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-25] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1504608 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705432 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] - C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKCU\...\Run: [updateMgr] - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {2c5b5c17-2248-11e1-bdcc-002318949294} - F:\autorun.exe
MountPoints2: {fb37b720-f8bf-11e1-8193-002318949294} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [DV4TS.EXE] - c:\windows\system32\DV4TS.EXE [x]
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKU\administrator\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\JoGo\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\JoGo\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe [256280 2010-01-27] (Adobe Systems, Inc.)
HKU\User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verbindungsmanager.lnk
ShortcutTarget: Verbindungsmanager.lnk -> C:\Program Files (x86)\HP Wireless Printer Adapter\ConnectMgr.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Johannes.Gottlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {4118306C-A499-4736-B8ED-C7B1AEA899BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKCU - {043AF010-D3A0-4A79-BDD9-5EA978BE943D} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {4118306C-A499-4736-B8ED-C7B1AEA899BB} URL = 
SearchScopes: HKCU - {7BB8434F-BF7C-4CF0-8685-81632CA75039} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {E8DEF850-8D47-475F-9A8A-EF430DD2F1A1} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 83.169.185.97 83.169.185.33
Tcpip\..\Interfaces\{89A696DF-2554-4373-B5B9-4CC709836F0D}: [NameServer]192.168.1.1,192.168.1.254
Tcpip\..\Interfaces\{FF0CBC07-64D7-4841-B6C9-E10BAB31C86D}: [NameServer]192.168.1.1,192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://montanes.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lyrics Seeker - C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\131
FF Extension: WebConnect - C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\firefox@webconnect.co
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF HKCU\...\Firefox\Extensions: [{450ef4aa-3d18-4b12-8d9f-ecc17330b054}] C:\Program Files (x86)\LyricsSeeker\131.xpi
FF Extension: No Name - C:\Program Files (x86)\LyricsSeeker\131.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Drive) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: () - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje\2.0.0.1
CHR Extension: (YouTube) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (\x4cy\x72i\x63\x73\x20Se\x65\x6ber) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj\1.131
CHR Extension: (Gmail) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - C:\Users\Johannes.Gottlieb\AppData\Roaming\SpecialSavings\SpecialSavings.crx
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 DavidReplica; C:\Program Files (x86)\Tobit InfoCenter\David\Apps\Replica\CODE\replica.exe [1665536 2010-06-06] (Tobit Software)
R2 DavidServiceLayer; C:\Program Files (x86)\Tobit InfoCenter\David\Code\SL.EXE [2493272 2012-03-05] (Tobit Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2011-12-13] (Mobile Connector)
R3 hpnuhst; C:\Windows\System32\DRIVERS\hpnuhst.sys [16384 2007-03-27] (Hewlett-Packard Development Company)
R3 HPNUHUB; C:\Windows\System32\DRIVERS\hpnuhub.sys [40448 2007-10-30] (Hewlett-Packard Development Company)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 12:08 - 2013-09-01 12:08 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 11:28 - 2013-09-01 12:02 - 00000000 ____D C:\AdwCleaner
2013-09-01 10:48 - 2013-09-01 10:48 - 00000000 _____ C:\Users\Johannes.Gottlieb\defogger_reenable
2013-09-01 08:55 - 2013-09-01 08:55 - 00000000 ____D C:\FRST
2013-08-31 15:47 - 2013-08-31 15:47 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Vorträge 2013
2013-08-30 21:58 - 2013-08-30 21:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 21:58 - 2013-08-30 21:58 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\Malwarebytes
2013-08-30 21:58 - 2013-08-30 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-30 21:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 13:53 - 2013-09-01 12:05 - 00000412 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-08-29 13:53 - 2013-08-31 00:35 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-08-29 13:53 - 2013-08-29 13:53 - 00003084 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-08-29 13:53 - 2013-08-29 13:53 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Local\avgchrome
2013-08-27 08:12 - 2013-08-27 08:12 - 00924672 _____ C:\Users\Johannes.Gottlieb\Desktop\VWDA Gesprächsvorlage Managementkonzept 26 08 2013_ErgaenzungDD.ppt
2013-08-26 16:10 - 2013-08-26 16:10 - 00065732 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von Musterportfolio.xlsm
2013-08-25 22:05 - 2013-08-31 15:01 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Word-Docs
2013-08-25 20:45 - 2013-08-25 20:45 - 00050688 _____ C:\Users\Johannes.Gottlieb\Desktop\BBbank.xls
2013-08-25 11:11 - 2013-08-25 20:42 - 00806400 _____ C:\Users\Johannes.Gottlieb\Desktop\VWDA Gesprächsvorlage Managementkonzept 25.08.2013.ppt
2013-08-24 12:45 - 2013-08-24 12:45 - 00000057 _____ C:\ProgramData\Ament.ini
2013-08-24 11:04 - 2013-08-24 11:04 - 00003668 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910
2013-08-24 11:04 - 2013-08-24 11:04 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\HpUpdate
2013-08-24 11:04 - 2010-11-16 21:24 - 00750440 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5312.dll
2013-08-24 11:02 - 2013-08-24 11:02 - 00000000 ____D C:\Program Files\HP
2013-08-24 11:01 - 2013-08-24 11:01 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Local\HP
2013-08-23 11:41 - 2013-08-23 11:41 - 08824320 _____ C:\Users\Johannes.Gottlieb\Desktop\MS_ZED Geothermal Power Fund I - Basisinformation 23 07 2013 - ENGLISH.ppt
2013-08-21 21:40 - 2013-08-21 21:40 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-21 08:04 - 2013-08-21 08:07 - 08824320 _____ C:\Users\Johannes.Gottlieb\Desktop\MS_ZED Geothermal Power Fund I - Basisinformation 20 07 2013 - ENGLISH.ppt
2013-08-21 08:00 - 2013-08-21 08:00 - 02140160 _____ C:\Users\Johannes.Gottlieb\Desktop\ZED Renewable Energies Fund I - Basisinformation 15.07.2013.ppt
2013-08-15 19:52 - 2013-08-15 19:52 - 00037888 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 130812_Schwarzenberg_Eco2heat.xls
2013-08-15 19:51 - 2013-08-15 19:51 - 00096256 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 2013_E2H_Projektabwicklung.xls
2013-08-15 19:51 - 2013-08-15 19:51 - 00058880 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 130726_Schwarzenberg_Flächen.xls
2013-08-13 21:33 - 2013-08-13 21:34 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Bilder Madeira
2013-08-12 14:44 - 2013-08-12 14:45 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\201 TSW Terra-Sol
2013-08-11 08:14 - 2013-08-11 08:14 - 00000000 ____D C:\Program Files (x86)\QuickTime

==================== One Month Modified Files and Folders =======

2013-09-01 12:22 - 2013-09-01 12:17 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Scannen von Schadsoftware
2013-09-01 12:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-01 12:12 - 2009-07-14 06:45 - 00021440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 12:12 - 2009-07-14 06:45 - 00021440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 12:08 - 2013-09-01 12:08 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 12:06 - 2012-09-17 09:39 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\Skype
2013-09-01 12:05 - 2013-08-29 13:53 - 00000412 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-01 12:04 - 2012-12-24 12:52 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 12:03 - 2012-07-05 09:40 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-01 12:03 - 2010-11-20 07:21 - 00144112 _____ C:\Windows\PFRO.log
2013-09-01 12:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 12:03 - 2009-07-14 06:51 - 00058239 _____ C:\Windows\setupact.log
2013-09-01 12:02 - 2013-09-01 11:28 - 00000000 ____D C:\AdwCleaner
2013-09-01 12:02 - 2010-11-20 07:25 - 01125327 _____ C:\Windows\WindowsUpdate.log
2013-09-01 11:54 - 2012-08-09 22:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 11:25 - 2012-12-24 12:52 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 11:00 - 2009-07-14 06:45 - 00511528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-01 10:48 - 2013-09-01 10:48 - 00000000 _____ C:\Users\Johannes.Gottlieb\defogger_reenable
2013-09-01 10:48 - 2012-08-27 12:46 - 00000000 ____D C:\Users\Johannes.Gottlieb
2013-09-01 09:19 - 2013-06-04 10:40 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Desk Programme
2013-09-01 08:55 - 2013-09-01 08:55 - 00000000 ____D C:\FRST
2013-09-01 08:51 - 2012-08-27 12:49 - 00132800 _____ C:\Users\Johannes.Gottlieb\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 08:26 - 2012-01-26 15:57 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2013-08-31 15:47 - 2013-08-31 15:47 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Vorträge 2013
2013-08-31 15:20 - 2009-07-14 19:58 - 00697542 _____ C:\Windows\system32\perfh007.dat
2013-08-31 15:20 - 2009-07-14 19:58 - 00148548 _____ C:\Windows\system32\perfc007.dat
2013-08-31 15:20 - 2009-07-14 07:13 - 01614924 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 15:01 - 2013-08-25 22:05 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Word-Docs
2013-08-31 11:23 - 2012-03-28 12:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 09:24 - 2012-08-27 12:46 - 00000000 ___RD C:\Users\Johannes.Gottlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-31 09:23 - 2012-11-22 19:29 - 00000000 ____D C:\Program Files\Bonjour
2013-08-31 09:23 - 2012-11-22 19:29 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-31 09:15 - 2012-02-17 02:12 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-31 09:09 - 2012-12-23 21:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-31 09:09 - 2012-12-23 21:24 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-31 09:08 - 2012-12-23 21:24 - 00000000 ____D C:\Program Files\iTunes
2013-08-31 09:08 - 2012-12-23 21:24 - 00000000 ____D C:\Program Files\iPod
2013-08-31 08:21 - 2013-07-28 12:25 - 00000072 _____ C:\Users\Johannes.Gottlieb\AppData\Roaming\WB.CFG
2013-08-31 08:21 - 2013-06-22 12:01 - 00000005 _____ C:\Users\Johannes.Gottlieb\AppData\Roaming\WBPU-TTL.DAT
2013-08-31 00:35 - 2013-08-29 13:53 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-08-31 00:35 - 2013-02-18 15:51 - 00000000 ___RD C:\Users\Johannes.Gottlieb\Desktop\Dokumente 2013
2013-08-30 21:59 - 2013-08-30 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 21:58 - 2013-08-30 21:58 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\Malwarebytes
2013-08-30 21:58 - 2013-08-30 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 17:05 - 2012-09-15 20:27 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\Tobit
2013-08-29 13:53 - 2013-08-29 13:53 - 00003084 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-08-29 13:53 - 2013-08-29 13:53 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Local\avgchrome
2013-08-29 08:04 - 2012-11-11 00:11 - 00000000 ____D C:\Users\Johannes.Gottlieb\Documents\Solar und Fotovoltaik Software 2011
2013-08-28 14:21 - 2013-07-22 21:15 - 00000000 ____D C:\Users\Johannes.Gottlieb\Documents\PhraseExpress
2013-08-28 14:21 - 2013-07-22 21:00 - 00000000 ____D C:\Users\Public\Documents\PhraseExpress
2013-08-28 14:03 - 2013-05-18 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 08:12 - 2013-08-27 08:12 - 00924672 _____ C:\Users\Johannes.Gottlieb\Desktop\VWDA Gesprächsvorlage Managementkonzept 26 08 2013_ErgaenzungDD.ppt
2013-08-26 16:10 - 2013-08-26 16:10 - 00065732 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von Musterportfolio.xlsm
2013-08-25 20:56 - 2013-07-09 11:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-25 20:45 - 2013-08-25 20:45 - 00050688 _____ C:\Users\Johannes.Gottlieb\Desktop\BBbank.xls
2013-08-25 20:42 - 2013-08-25 11:11 - 00806400 _____ C:\Users\Johannes.Gottlieb\Desktop\VWDA Gesprächsvorlage Managementkonzept 25.08.2013.ppt
2013-08-24 12:52 - 2012-02-17 01:00 - 00000000 ____D C:\ProgramData\HP
2013-08-24 12:45 - 2013-08-24 12:45 - 00000057 _____ C:\ProgramData\Ament.ini
2013-08-24 11:04 - 2013-08-24 11:04 - 00003668 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910
2013-08-24 11:04 - 2013-08-24 11:04 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\HpUpdate
2013-08-24 11:02 - 2013-08-24 11:02 - 00000000 ____D C:\Program Files\HP
2013-08-24 11:01 - 2013-08-24 11:01 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Local\HP
2013-08-23 11:41 - 2013-08-23 11:41 - 08824320 _____ C:\Users\Johannes.Gottlieb\Desktop\MS_ZED Geothermal Power Fund I - Basisinformation 23 07 2013 - ENGLISH.ppt
2013-08-21 21:41 - 2012-08-09 22:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 21:40 - 2013-08-21 21:40 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-21 21:40 - 2012-08-09 22:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 21:40 - 2012-02-27 22:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 08:07 - 2013-08-21 08:04 - 08824320 _____ C:\Users\Johannes.Gottlieb\Desktop\MS_ZED Geothermal Power Fund I - Basisinformation 20 07 2013 - ENGLISH.ppt
2013-08-21 08:00 - 2013-08-21 08:00 - 02140160 _____ C:\Users\Johannes.Gottlieb\Desktop\ZED Renewable Energies Fund I - Basisinformation 15.07.2013.ppt
2013-08-19 16:57 - 2013-07-24 18:07 - 00002154 _____ C:\Users\Johannes.Gottlieb\AppData\Roaming\SAS7_000.DAT
2013-08-18 07:26 - 2013-07-21 18:19 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 07:23 - 2012-11-11 13:37 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 14:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-15 19:52 - 2013-08-15 19:52 - 00037888 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 130812_Schwarzenberg_Eco2heat.xls
2013-08-15 19:51 - 2013-08-15 19:51 - 00096256 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 2013_E2H_Projektabwicklung.xls
2013-08-15 19:51 - 2013-08-15 19:51 - 00058880 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 130726_Schwarzenberg_Flächen.xls
2013-08-13 21:34 - 2013-08-13 21:33 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Bilder Madeira
2013-08-12 14:45 - 2013-08-12 14:44 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\201 TSW Terra-Sol
2013-08-11 08:14 - 2013-08-11 08:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-07 17:13 - 2010-06-08 15:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-07 17:13 - 2010-06-08 15:10 - 00000000 ____D C:\ProgramData\Skype
2013-08-05 16:25 - 2013-06-29 08:42 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Dokumente 2013 Juli

Files to move or delete:
====================
C:\Users\JoGo\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\JoGo\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\APNStub.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\AskSLib.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\de_ww_Package.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\Quarantine.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\setup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TuneUpUtilities2013_de-DE.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\uninst1.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\{AC76BA86-1033-F400-BA7E-100000000002}\asneu.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\{2CBCEC3C-FD52-4FE0-8EDE-48726B3095D1}\ISBEW64.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\UpdateWizard_62743\SilentUpdater.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\upd15D8\BabScheduler2000201.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\awt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\cmm.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\dcpr.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\deploy.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\deploytk.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\dt_shmem.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\dt_socket.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\eula.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\fontmanager.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\hpi.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\hprof.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\instrument.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\ioser12.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\j2pcsc.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jaas_nt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\java-rmi.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\java.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\java_crw_demo.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jawt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jbroker.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\JdbcOdbc.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jdwp.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jli.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jp2iexp.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jp2launcher.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jp2native.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jp2ssv.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jpeg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jsound.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jureg.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\management.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\mlib_image.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\msvcrt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\net.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\nio.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\npdeploytk.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\npt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\pack200.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\regutils.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\rmi.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\splashscreen.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\ssv.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\ssvagent.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\unpack.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\unpack200.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\verify.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\w2k_lsa_auth.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\wsdetect.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\zip.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\server\jvm.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\new_plugin\msvcrt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\new_plugin\npjp2.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\dotnetinst.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\instutil.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\java_launcher.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\mwinstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\setup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\vcredist_x64.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\VCRT_check.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\SDIAG_a7855e6b-455c-4ecf-8895-78cad746d533\DiagPackage.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\SDIAG_9fe09922-66d0-44a7-a478-02c278c0d08b\DiagPackage.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\Package2\Setup\TOBITCLT.DLL
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\nsqBD6D.tmp\System.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\nsqBD6D.tmp\UAC.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\dragon_support_packager.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\instmsiw.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\setup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\WindowsInstaller-KB893803-x86.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\ISSetupPrerequisites\dotNetFramework\dotNetFx40_Full_x86_x64.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\Documentation\NuancePDFReader_EFGDIS.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\chrome_logic.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\dp.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\QtraxInstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is1590112554\OpenItSetup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is1590112554\wajam_validate.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\busA37F\ff21v.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\BExternal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\BUSolForMontiera.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\ccp.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\ChromeToolbarSetup.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\CrxInstaller.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\enhancedNT.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\GUninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\IEHelper.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\MntrDLLInstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\sqlite3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\BExternal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\BUSolForMontiera.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\ccp.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\ChromeToolbarSetup.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\CrxInstaller.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\enhancedNT.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\GUninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\IEHelper.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\MntrDLLInstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\sqlite3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\BExternal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\BUSolForMontiera.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\BUSolution.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\ChromeToolbarSetup.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\CrxInstaller.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\GUninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\IEHelper.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\MntrDLLInstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\sqlite3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\setup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\AccessibleMarshal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\breakpadinjector.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\crashreporter.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\D3DCompiler_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\firefox.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\freebl3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\gkmedias.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\libEGL.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\libGLESv2.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\maintenanceservice.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\maintenanceservice_installer.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\mozalloc.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\mozglue.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\mozjs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\msvcp100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\msvcr100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\nss3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\nssckbi.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\nssdbm3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\plugin-container.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\plugin-hang-ui.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\softokn3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\updater.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\webapp-uninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\webapprt-stub.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\xul.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\uninstall\helper.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\browser\components\browsercomps.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\BExternal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\BUSolForMontiera.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\ccp.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\ChromeToolbarSetup.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\CrxInstaller.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\enhancedNT.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\GUninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\IEHelper.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\MntrDLLInstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\sqlite3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\GoogleEarth.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 10:05

==================== End Of Log ============================
--- --- ---

--- --- ---
__________________
 

Themen zu PUP.Optional.Delta.A
entfern, entfernt, fenster, fenster öffnen sich, files, firefox, gefunde, hoffe, konnte, malwarebytes, pup.optional.delta.a, start, öffnen, öffnet


« 2ter Rechner mit Win32.downloader.gen (Win 7) | Win7: PUP.Optional. in allen Varianten Delta.a/s/d usw. komplettes System verseucht »


Ähnliche Themen: PUP.Optional.Delta.A


  1. GMER stürzt ab - MBAM erkennt PUP.Optional.Agent, PUP.Optional.IEBho.A, PUP.Optional.MyFreeze.A
    Plagegeister aller Art und deren Bekämpfung - 07.02.2015 (13)
  2. PUP.optional.Delta.A
    Log-Analyse und Auswertung - 23.10.2014 (4)
  3. WIN7: Fund PUP.Optional.DigitalSites.A, PUP.Optional.OpenCandy, PUP.Optional.Softonic.A, PUP.Optional.Updater.A. Weitere Vorgehensweise
    Log-Analyse und Auswertung - 08.10.2014 (11)
  4. PUP.Optional.Delta.A Windows 7
    Plagegeister aller Art und deren Bekämpfung - 23.08.2014 (14)
  5. Trojaner: PUP.Optional.CrossRider.A, PUP.Optional.MySearchDial.A, PUP.Optional.Babylon.A, PUP.Optional.BuenoSearch
    Plagegeister aller Art und deren Bekämpfung - 17.07.2014 (3)
  6. MBAM Scan findet Pup.Optional.Delta.A
    Log-Analyse und Auswertung - 19.06.2014 (7)
  7. PUP.Optional.Delta.A Windows 7
    Plagegeister aller Art und deren Bekämpfung - 26.05.2014 (3)
  8. Security.Hijack, PUP.Optional.OpenCandy, PUP.Optional.Somoto, PUP.Optional.MoviesToolBar etc gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.04.2014 (1)
  9. Pub.Optional.Delta.A nicht entfernbar
    Plagegeister aller Art und deren Bekämpfung - 03.04.2014 (12)
  10. Tastatur generiert Anschläge; Malwarebytes findet PUP.Optional.Delta.A, -MixiDJToolbar.A, -BProtector.A, -Babylon.A u.a.
    Log-Analyse und Auswertung - 08.01.2014 (15)
  11. PUP.Optional.Delta.A im Heimnetzwerk/im Backup
    Log-Analyse und Auswertung - 09.10.2013 (9)
  12. Windows 7: Fehlermeldung: Loadlibrary failed in TSRitem-nach Scan: Pub.optional. delta ...Virenbefall?
    Plagegeister aller Art und deren Bekämpfung - 02.10.2013 (16)
  13. PUP Optional Delta A und PUP optional mit verschiedenen endungen
    Plagegeister aller Art und deren Bekämpfung - 05.09.2013 (15)
  14. Win7: PUP.Optional. in allen Varianten Delta.a/s/d usw. komplettes System verseucht
    Log-Analyse und Auswertung - 02.09.2013 (13)
  15. 2x | 105 Infizierte Objekte, Hauptsächlich PUP.Optional.delta.a/b etc.
    Mülltonne - 31.08.2013 (1)
  16. PUP.Optional.BrowserDefender.A, PUP.Optional.Babylon.A, PUP.Optional.Delta
    Log-Analyse und Auswertung - 25.08.2013 (8)
  17. PUP.Optional.Delta.A
    Log-Analyse und Auswertung - 09.08.2013 (18)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema PUP.Optional.Delta.A - Das hat gut geklappt! Herzlichen dank! Hier meine files: Code: Alles auswählen Aufklappen ATTFilter # AdwCleaner v3.001 - Report created 01/09/2013 at 12:02:19 # Updated 24/08/2013 by Xplode # Operating - PUP.Optional.Delta.A...
Archiv
Du betrachtest: PUP.Optional.Delta.A auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131